Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS132359.roa
File:                     AS132359.roa (raw, json)
Hash identifier:          orxb60CLqppkQmiG0wYElDRsVs5XQ1LBjFUdslHXCbs=
Subject key identifier:   94:BD:E8:A3:38:44:FB:DF:C4:8D:0D:6E:A2:77:0E:99:98:5A:07:DE
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       5D12CFD403660E16FA2524C961CB07D873BFB0D8
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS132359.roa
Signing time:             Tue 02 Jun 2026 03:18:35 +0000
ROA not before:           Tue 02 Jun 2026 03:13:35 +0000
ROA not after:            Tue 01 Jun 2027 03:18:35 +0000
asID:                     132359
IP address blocks:        78.105.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:12:cf:d4:03:66:0e:16:fa:25:24:c9:61:cb:07:d8:73:bf:b0:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun  2 03:13:35 2026 GMT
            Not After : Jun  1 03:18:35 2027 GMT
        Subject: CN=94BDE8A33844FBDFC48D0D6EA2770E99985A07DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:08:4d:ef:07:ce:04:a4:19:b8:e5:a5:23:ea:
                    8e:4f:b1:90:f6:81:e9:63:d0:b9:00:82:dd:1e:b8:
                    4a:27:63:e5:6a:2c:bb:94:a8:32:6a:64:0a:36:45:
                    6c:f4:4e:bf:6d:69:a5:89:cf:bf:21:ab:f1:b8:fe:
                    e6:6f:4f:85:03:11:92:95:b3:eb:b1:26:96:52:8b:
                    3a:57:95:e8:b1:80:a1:ef:85:83:57:16:d4:8b:37:
                    89:b0:1a:6c:29:d1:c1:bb:d2:86:1b:bf:15:27:cb:
                    d4:d1:66:6a:19:d3:65:4f:6a:57:4f:bd:ee:87:30:
                    c9:e2:92:a7:81:86:70:7a:de:bd:b0:46:89:46:06:
                    74:15:49:77:26:aa:3a:e7:c7:93:3c:85:97:28:63:
                    4a:48:9c:52:14:5f:2d:20:a9:fc:8a:a1:f7:d6:71:
                    e2:30:01:f3:e9:aa:b6:9f:c0:3b:7e:f0:94:56:e3:
                    c2:b2:2f:58:95:76:8c:12:bc:1d:35:30:c8:7e:c7:
                    5b:92:21:43:d0:e4:2a:c1:1b:d5:51:23:a7:31:a0:
                    58:eb:08:97:fe:26:e8:aa:9e:22:e4:5a:13:50:d7:
                    7a:a2:7c:8a:e4:43:bd:a1:bd:9d:c6:3d:69:30:85:
                    ed:12:ca:15:15:bf:9d:f8:c2:cc:83:e3:01:4c:65:
                    41:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:BD:E8:A3:38:44:FB:DF:C4:8D:0D:6E:A2:77:0E:99:98:5A:07:DE
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS132359.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.105.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:b1:50:f5:c3:2e:c8:32:93:f0:83:30:2b:ad:91:b2:a3:90:
         be:fe:a8:c8:6d:61:1b:c3:91:f7:ab:27:49:cf:5e:d3:a7:84:
         e4:d7:d1:2f:61:82:d8:af:12:61:b2:e3:d9:3e:79:9a:f9:6e:
         08:86:96:2a:0a:fb:15:62:20:63:1f:ad:d6:88:23:e1:c5:d3:
         6e:55:3b:0b:42:fb:9f:8d:9a:67:bc:ce:f2:bf:04:5f:8c:09:
         69:a3:61:6b:62:68:5a:82:41:29:8d:db:5a:58:a4:58:e8:c5:
         67:58:97:6e:56:c9:aa:3a:77:69:5e:4d:59:0a:ac:06:0a:a1:
         23:39:bc:55:00:5f:26:07:4b:76:3b:4f:b1:9f:37:61:79:d0:
         03:1a:73:76:c3:19:e4:49:70:82:52:a5:f2:f3:8b:05:74:e7:
         c4:dd:a9:86:07:c5:88:44:5c:65:f2:7a:66:84:b3:9b:4d:e4:
         37:c5:03:3d:ef:82:12:b0:98:29:bb:91:9e:af:d2:56:f0:a5:
         b0:c7:7b:0c:94:38:62:4e:d5:44:1d:4b:03:47:3e:54:39:b1:
         c5:34:42:27:50:ea:9b:22:28:23:6a:38:70:85:70:9c:99:ae:
         de:b0:52:19:5b:23:d5:83:aa:35:61:fe:42:38:d9:db:97:f8:
         22:65:61:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXRLP1ANmDhb6JSTJYcsH2HO/sNgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MDIwMzEzMzVaFw0yNzA2MDEwMzE4MzVaMDMxMTAvBgNV
BAMTKDk0QkRFOEEzMzg0NEZCREZDNDhEMEQ2RUEyNzcwRTk5OTg1QTA3REUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5CE3vB84EpBm45aUj6o5PsZD2
gelj0LkAgt0euEonY+VqLLuUqDJqZAo2RWz0Tr9taaWJz78hq/G4/uZvT4UDEZKV
s+uxJpZSizpXleixgKHvhYNXFtSLN4mwGmwp0cG70oYbvxUny9TRZmoZ02VPaldP
ve6HMMnikqeBhnB63r2wRolGBnQVSXcmqjrnx5M8hZcoY0pInFIUXy0gqfyKoffW
ceIwAfPpqrafwDt+8JRW48KyL1iVdowSvB01MMh+x1uSIUPQ5CrBG9VRI6cxoFjr
CJf+JuiqniLkWhNQ13qifIrkQ72hvZ3GPWkwhe0SyhUVv534wsyD4wFMZUHTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUlL3oozhE+9/EjQ1uoncOmZhaB94wHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMTMyMzU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATmnM
MA0GCSqGSIb3DQEBCwUAA4IBAQBWsVD1wy7IMpPwgzArrZGyo5C+/qjIbWEbw5H3
qydJz17Tp4Tk19EvYYLYrxJhsuPZPnma+W4IhpYqCvsVYiBjH63WiCPhxdNuVTsL
QvufjZpnvM7yvwRfjAlpo2FrYmhagkEpjdtaWKRY6MVnWJduVsmqOndpXk1ZCqwG
CqEjObxVAF8mB0t2O0+xnzdhedADGnN2wxnkSXCCUqXy84sFdOfE3amGB8WIRFxl
8npmhLObTeQ3xQM974ISsJgpu5Ger9JW8KWwx3sMlDhiTtVEHUsDRz5UObHFNEIn
UOqbIigjajhwhXCcma7esFIZWyPVg6o1Yf5CONnbl/giZWGC
-----END CERTIFICATE-----